North Korean Hacking Group Lazerus Stole $571 Million in Cryptos: Report

North Korea’s infamous hacking group, dubbed Lazarus, has managed to steal over half a billion dollars in cryptocurrencies, a report indicates.

According to an article published Friday by The Next Web, the coming annual report from cybersecurity vendor Group-IB sets out that Lazarus was behind 14 hacks on crypto exchanges since January 2017, reaping a massive $571 million from the attacks.

The news backs up claims from officials in South Korea, who said in February that North Korean hackers likely stole tens of millions of dollars’ worth in cryptocurrencies in 2017.

As reported by CoinDesk, the country’s National Intelligence Service  said that phishing scams and other criminal methods methods had yielded tens of billions of won in customer funds. Authorities were also probing whether the same hackers were behind the January hack of the Coincheck exchange, which saw over $500 million in cryptocurrency taken – though Lazarus wasn’t specifically mentioned.

More generally, Group-IB also indicates that $882 million in cryptocurrency was stolen from exchanges in total from 2017 to 2018, according to a summary of the report obtained by the tech news source.

The security provider said the number of attacks targeting crypto exchanges is likely to rise further, with hackers of more traditional financial institutions such as banks being drawn to the space seeking big gains.

The summary also looks at the methods used by hackers in order to carry out their attacks, saying spear phishing, social engineering and malware are the most widespread tools of the illicit trade.

TNW cited the report as saying that spear phishing – targeting individuals or organizations with malware delivered via an email attachment – is the “major vector of attack” on enterprise networks. It adds:

“After the local network is successfully compromised, the hackers browse the local network to find work stations and servers used working with private cryptocurrency wallets.”

Furthermore, says Group-IB, hackers have made off with 10 percent of the funds raised by ICO platforms since early 2017, with phishing the most common means of attack.

The firm reportedly suggests that over-keen investors have been rushing to participate in token sales without paying sufficient attention to their security, often falling foul of tricks such as fake websites. For example, one such fake targeted would-be investors in the major ICO launched by Telegram, as reported in March.

Group-IB further warns that mining pools could prove a tempting target for hackers, saying bad actors could employ 51 percent attacks to take over networks, as has happened at a number of crypto projects this year.

Photo via Shutterstock.

Source: Coindesk


Man in Oslo Killed After Selling Large Amount of Bitcoin, Privacy in P2P

A meeting place that could have been about a common peer-to-peer Bitcoin trade turned into a scene of a brutal killing.A 24-year old Norwegian man was reportedly stabbed to death in his Majorstuen apartment shortly after completing a cash-to-Bitcoin trade with his alleged killer. The local police believe there was a large pile of Krone kept in the studio that could have been the motivation behind the gruesome killing. And then, a tip revealing that the victim was a cryptocurrency trader has determined police to investigate more angles, which it refused to share with media.“We are familiar with a tip about Bitcoin, but at this time we will not provide more information about the investigation,” said Lien Metlid, Head of Common Unit for Intelligence and Investigations in Oslo Police. “We investigate widely in every way. Economic motives are one of the reasons to which we are open.”Victim cashed-out Bitcoins before deathThe victim, according to one of his roommates, had siphoned off over $120,000 worth of NOK from his Bitcoin investments. He was planning to sell some of his Bitcoin holdings to purchase an apartment, the details of which he had shared with the friends in his circle. Per the report, the suspect must have reached out to the victim in the context of conducting a p2p bitcoin trade after gaining knowledge about the cash in the victim’s apartment.The Oslo police did not find any cash in the house during their search. They, with the help of their forensic and surveillance experts, have mapped the Majorstuen area to examine all possible movements on the day of the killing.No arrests have been made yet.Privacy in P2PThe gruesome incident has once again raised the reason for debate of whether confidentiality in finance is essential. Thousands of people around the world are immersed in p2p transactions in the absence of adequate regulatory frameworks. Marijuana businesses in the US still rely on cash transactions because banks refuse to work with them citing a federal roadblock. Similarly, in the world of cryptocurrencies, people are forced to meet face to face to sell or purchase irreversible crypto-assets, without an escrow, while working in a grey area of law.A peer-to-peer transaction puts the weight of determining the opposite party solely on the players engaged. And then, in the absence of banking relationships, these strangers need to meet face to face under minimal legal protection. In countries where crypto transactions are banned, the probability of p2p crimes could be more, therefore.Financial privacy will always be a thing that couldn’t be achieved entirely. Even the players engaged in p2p transactions would need to understand that, at one point or another, they will have to reveal their identity for keeping themselves safe from potential threats – some even life-threatening. On the other hand, governments need to come up with better laws to disbar organizations that sell private financial data and inject more confidence in millenials so they can trust.

Binance Partners With Chainalysis For Better Fraud Detection on its Platform

Binance and Chainalysis

Compliance and fraud detection are two major pain points for all cryptocurrency exchanges. Establishing procedures that can help in continuous monitoring of these two areas requires tremendous amount of effort. However, technology helps with everything, and if companies are continuously on the lookout for new solutions related to anything, they can eventually find something to ease their life. Binance has proved this once again. It has partnered with crypto compliance software provider Chainalysis to implement a new monitoring system for fraud detection.

The partnership was announced a few hours back, and as part of this partnership Chainalysis will provide Binance with access to its “Know Your Transaction” software. The software has been developed to monitor transactions in real-time, and whenever it spots any suspicious transactions it generates an alert. It can also help Binance in opening bank accounts as it’s compliant with KYC and AML guidelines of major economies.

Speaking about the partnership Mr. Wei Zhou, Chief Financial Officer (CFO) of Binance told Coindesk:

“The ultimate goal of our partnership with Chainalysis is to create an environment in blockchain where everyone feels safe. We believe the fight against money laundering to be collaborative and pro-active.

While company already has strict KYC and AML measures in place, and also has a dedicated team of compliance professionals, Mr. Zhou said that it’s important to be on the lookout for new technologies if criminals have to be stopped. He said:

“Criminals are always looking to loopholes in the system, so we are continuously on the lookout for new technologies and methods to combat money laundering and malicious actors.”

Mr. Jonathan Levin, the Chief Operating Officer of Chainalysis, also said that this new partnership will help the entire ecosystem. He said:

“Cryptocurrency market participants must develop greater trust in the data and technology underlying our ecosystem in order for the overall space to advance. By working with industry leaders like Binance, we’re able to mold the foundation for credible and robust markets in all jurisdictions.”

The Chainalysis software uses a combination of proprietary algorithms, pattern recognition technologies and several open-source resources to detect fraudulent and illicit transactions. It will be interesting to see which other exchanges adopt its technology after Binance.

Share with your friends